A symbolic model checker for TLA+
Apalache translates TLA+ in the logic supported by the SMT solvers, for instance, Microsoft Z3. Apalache can check inductive invariants (for fixed or bounded parameters) and check safety of bounded executions (bounded model checking). To see the list of supported TLA+ constructs, check the supported features. In general, Apalache runs under the same assumptions as TLC.
Check the releases page.
We recommend you to run the latest docker image
checkout the source code from
master, which accumulate
bugfixes over the latest release, see the manual.
To try the latest cool features, check the unstable
Read the user manual.
We are collecting apalache benchmarks. See the Apalache performance when checking inductive invariants and running bounded model checking. Version 0.6.0 is a major improvement over version 0.5.2 (the version reported at OOPSLA19).